Identifying traffic logged by ipfw

Ben Beuchler insyte at
Fri Apr 16 10:51:33 PDT 2004

I'm working on a new bridging firewall using ipfw on FBSD 5.1.  The goal
is to default to closed with a few exceptions.  To test my ruleset, I end
with this rule:

add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot
to create rules for.  This is what I'm getting in the logs:

Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-ip traffic, but I couldn't find
any info to confirm this.  Is there any sort of trick I could use to log
the entire packet?  Since nothing about the source or destination was
logged, I don't have enough info to create a tcpdump filter.  Perhaps some
sort of divert rule?



Ben Beuchler                                           There is no spoon.
insyte at                                            -- The Matrix
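
Added example, not part of the original post: a small Python triage of ipfw log lines that separates entries logged with addresses from address-less ones such as the `MAC` line quoted above, so the rule, interface and direction producing them stand out. Every sample line except the first is constructed, the layout assumed for IP entries (protocol, source, destination) is an assumption, and only single-word actions such as Accept are handled.

```python
import re
from collections import Counter

# Constructed sample input; only the first line comes from the post.
SAMPLE_LOG = """\
Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2
Apr 16 16:43:41 bfw kernel: ipfw: 420 Accept TCP 192.0.2.10:51234 198.51.100.5:22 in via em1
Apr 16 16:43:42 bfw kernel: ipfw: 420 Accept MAC in via em2
Apr 16 16:43:43 bfw kernel: ipfw: 420 Accept UDP 192.0.2.10:123 198.51.100.7:123 out via em1
Apr 16 16:43:44 bfw kernel: ipfw: 420 Accept MAC out via em1
Apr 16 16:43:45 bfw sshd[311]: unrelated line
"""

# rule number, action, protocol label, optional "src dst", direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+)"
    r"(?: (?P<src>\S+) (?P<dst>\S+))?"
    r" (?P<dir>in|out) via (?P<iface>\S+)"
)


def parse(log_text):
    """Return one dict per ipfw log line; non-ipfw lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entries.append(m.groupdict())
    return entries


def unidentified(entries):
    """Count entries logged without addresses, keyed by (rule, iface, dir)."""
    return Counter(
        (e["rule"], e["iface"], e["dir"]) for e in entries if e["src"] is None
    )


def by_protocol(entries):
    """Count entries per protocol label (MAC, TCP, UDP, ...)."""
    return Counter(e["proto"] for e in entries)


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for (rule, iface, direction), n in unidentified(parsed).most_common():
        print(f"rule {rule}: {n} address-less entries, {direction} via {iface}")
    print(dict(by_protocol(parsed)))
```

The (interface, direction) pairs it reports are the places where a capture would show what the address-less entries actually are.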

